Is there a download available to rid me of this wretched curse? It has disabled my anti virus devices and my Orange dongle which I use to access the net.

I have access to another computer at work, so can download any suggestions made. I am aware of various step by step options, but my general lack of literacy and failing vision make this course a very difficult option.

Any assistance would be appreciated.

Aibek

January 25, 2011 at 8:57 am

Hi Brian,

So, did you manage to get rid of the System Tool 2011 malware using the recommendations above? Let us know.

Aibek

Mike

January 18, 2011 at 7:36 pm

On the Symantec forum I read that one of the following tools should be able to get rid of the "System Tool 2011" infection

Superantispyware and Malwarebytes are two of the best antimalware scanners. On this link there are four different downloads.
Try getting the one with a .com extension. Sometimes viruses will not let you install antimalware scanners
that have an .exe extension.

2.- Start up your computer and as soon as you get your desktop do the following:
If running xp: windows key>>run>>msconfig>>BOOT.INI TAB>>check mark safe boot>>apply>>ok>>if asked to restart
say no. Also you can keep pressing the F8 key when booting to access safemode.
If running vista/windows 7: start>>type msconfig in search bar>>when you see msconfig appear, right click>>
choose run as administrator>>boot tab>>safe boot>>apply>>ok>>if asked to restart say no.

3.- Try to run rkill from flash drive. To run the executable for rkill just double click on it and if asked any
questions just answer them. Let the program run until finish. This should give you time to do other stuff to
prepare your system without the fake antivirus pop up screens.

4.- Make sure to clean cookies, temp files, etc. from your system. You can use crapcleaner for that with the default
settings.

5.- Turn system restore off. There are viruses that even if you cure them in safemode replicate when you start
your system normally because there are traces in system restore points.
If running xp: windows key+Pause/break at the same time>>system Restore>>highlight your drive (C:)>>check mark
turn system restore off.
If running vista/windows 7: windows key+pause/break>>Advanced Settings>>System Restore

6.- Update your installed antivirus and then restart your system. Your next boot should be in safemode. Black screen with only your basic drivers and on every
corner it should say safemode.

7.- Run superantispyware. There is no need to run an update if you downloaded the file recently. Also you can start
in safe mode with networking so that you can update the definitions if you want. Pick full scan and wait for the
scan to finish. See what it finds and click next. It is going to ask you if you want to delete files or quarantine
them. Delete whatever it finds.

8. Scan your drive with your installed antivirus and let it do its thing. Depending on your antivirus configuration
it is either going to delete whatever it finds or quarantine it. If you downloaded kaspersky antivirus rescue disc
and followed the instructions to burn it to a cd, you will have to exit safemode and when booting the computer go into
BIOS and change boot order to start from cd/dvd. If you download clamav you can run it from the flash drive.

9.- If you accessed safe mode through msconfig, go back to msconfig following the procedure you used before and uncheck
safe boot. Restart your computer and it should start in normal mode. If the software used got rid of your virus you
should be able to access your system without any problems.

10. Do a full scan with superantispyware and your installed antivirus or you can run clamav again. Hopefully your scan will
be clean. To make sure you can go to this link to double check. It is an online scan:

http://www.eset.com/online-scanner

11. Run Malwarebytes on normal mode. Make sure to update it. You can run malwarebytes from your flashdrive or install it.

12. To double check go to the All Users folder, unhide system files and see if you can find the executable for the fake antivirus.
It usually has a weird name with numbers and letters and it should have an .exe extension. The sure way to find it out is
by comparing the icon for the fake antivirus. It should look the same as the icon on your desktop.

13. Once the online scanner gives you a clean result you can turn the system restore on and create a restore point. Hope it helps.

Anonymous

January 18, 2011 at 8:02 am

Hi
I suggest you boot to safe mode and scan with clamwin and malwarebytes antimalware. Also you need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s).

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

This infection also changes your Windows HOSTS file; we want to replace this file with the default version for your operating system. You can follow this method for removal of the infection. It uses RKill to kill the malware.